Judge Says FTC Can Sue Over Poor Data Security Sue Reisinger, Corporate Counsel April 10, 2014 | 1 Comments share share by mail share on linkedin Facebook share on twitter share on google+ Share With Email Send Thank you for sharing! Your article was successfully shared with the contacts you provided. print reprints In a case being closely watched by general counsel, a federal judge ruled the Federal Trade Commission has authority to take legal action against companies that have faulty consumer data security. Sign up for a free digital membership and get great benefits like: Already Registered? Sign In now 5 free articles* every 30 days, from other ALM publications Exclusive discounts on ALM events and products American Lawyer digital newsletter, plus your choice of more than 30 digital newsletters Access on the device of your choice: smartphone, tablet, or desktop Unlimited free access to Corporate Counsel and Law Technology News online Create Account with LinkedIn Register Now *May exclude premium content VIEW COMMENTS ( 1 ) ADD COMMENT What's being said Sign In Terms & Conditions not available Apr 10, 2014 Actually, the FTC issued data security guidance for businesses in 2011 and 2012. The 2011 guidance is a document titled Protecting Personal Information – A Guide for Business. http://goo.gl/zKrnrA The FTC cited that guide in its March 2012 report on Protecting Consumer Privacy in an Era of Rapid Change in the section discussing the obligation of businesses to provide “reasonable” data security for consumer information. http://goo.gl/OkawYwFor example, 2011 FTC guidance includes the statements:Regular email is not a secure method for sending sensitive data. The better practice is to encrypt any transmission that contains information that could be used by fraudsters or identity thieves.andEncrypt sensitive information that you send to third parties over public networks (like the Internet), and consider encrypting sensitive information that is stored on your computer network or on disks or portable storage devices used by your employees. Consider also encrypting email transmissions within your business if they contain personally identifying information.In other words, the FTC has said that businesses should use email encryption in order to provide “reasonable” data security for sensitive consumer data. Comments are not moderated. To report offensive comments, click here. Preparing comment abuse report for Article# 1202650394926 Send Thank you! This article's comments will be reviewed.